doushishi2415 2019-04-12 12:17 采纳率: 0%
浏览 41
已采纳

从Golang Buffalo网络应用发送推文时,无法设置CSRF令牌

I am having trouble with a Go Buffalo web app I am trying to build. I basically have a standard form on the front end that, when clicked, is supposed to send a tweet to the Users twitter account. I get a "500: CSRF Not found" when doing so. I am using the Go Buffalo framework for the web app and go-twitter to handle the twitter API.

I have little to no experience with CSRF so was hoping somebody could help me in this specific case.

The tweet.HTML:

<h3>Tweet tweet!</h3>
<form action="/tweet" method="POST">
    <div class="form-group">
        <label for="tweet">Your tweet:</label>
        <input type="text" name="tweet" class="form-control" id="tweet" placeholder="Tweet body" 
        value="">
    </div>
    <button type="submit" class="btn btn-primary">Send</button>
</form>

The router:

app.POST("/tweet", SendHandler)

Tweet.go (Contains SendHandler function):

package actions

import (
    "fmt"
    "log"
    "os"

    "twitapp/twitter"

    "github.com/gobuffalo/buffalo"
)

var creds = twitter.Credentials{
    AccessToken:       os.Getenv("ACCESS_TOKEN"),
    AccessTokenSecret: os.Getenv("ACCESS_TOKEN_SECRET"),
    APIKey:            os.Getenv("API_KEY"),
    APISecret:         os.Getenv("API_SECRET"),
}

type TweetForm struct {
    TweetBody string
}

// TweetHandler is the handler for the Tweet page
func TweetHandler(c buffalo.Context) error {
    return c.Render(200, r.HTML("tweet.html"))
}

//SendHandler Function used by tweet.html to send the tweet/
//Takes in variables from twitter/server.go
func SendHandler(c buffalo.Context) error {

    var form TweetForm
    body := form.TweetBody

    fmt.Printf("%+v
", creds)

    //Gets the client from the twitter package
    client, err := twitter.GetClient(&creds)
    if err != nil {
        log.Println("Error getting Twitter Client")
        log.Println(err)
    }

    //Sending the actual tweet. Body from the form
    tweet, resp, err := client.Statuses.Update(body, nil)
    if err != nil {
        log.Println(err)
    }
    log.Printf("%+v
", resp)
    log.Printf("%+v
", tweet)
    return c.Redirect(302, "/tweet/confirm")

}

There is also a GetClient function that is called from the SendHandler function but I cant imagine the problem is in there as it standard code that sets up the twitter client for the call. Appreciate any help/pointing in the right direction. I dont have enough knowledge of CSRF to apply it to this at the moment.

  • 写回答

2条回答 默认 最新

  • duangan6133 2019-04-14 11:18
    关注

    After looking through the GoBuffalo docs, and in particular THIS part of the forms page, All i had to do was add this line of code to my form (tweet.html) to handle the authenticity token.

    <input name="authenticity_token" type="hidden" value="<%= authenticity_token %>">
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 drone 推送镜像时候 purge: true 推送完毕后没有删除对应的镜像,手动拷贝到服务器执行结果正确在样才能让指令自动执行成功删除对应镜像,如何解决?
  • ¥15 求daily translation(DT)偏差订正方法的代码
  • ¥15 js调用html页面需要隐藏某个按钮
  • ¥15 ads仿真结果在圆图上是怎么读数的
  • ¥20 Cotex M3的调试和程序执行方式是什么样的?
  • ¥20 java项目连接sqlserver时报ssl相关错误
  • ¥15 一道python难题3
  • ¥15 牛顿斯科特系数表表示
  • ¥15 arduino 步进电机
  • ¥20 程序进入HardFault_Handler